get_analysis_report_results

NetworkFirewall.Client.get_analysis_report_results(**kwargs)

The results of a COMPLETED analysis report generated with StartAnalysisReport.

For more information, see AnalysisTypeReportResult.

See also: AWS API Documentation

Request Syntax

response = client.get_analysis_report_results(
    FirewallName='string',
    AnalysisReportId='string',
    FirewallArn='string',
    NextToken='string',
    MaxResults=123
)

Parameters:
  • FirewallName (string) –

    The descriptive name of the firewall. You can’t change the name of a firewall after you create it.

    You must specify the ARN or the name, and you can specify both.

  • AnalysisReportId (string) –

    [REQUIRED]

    The unique ID of the query that ran when you requested an analysis report.

  • FirewallArn (string) –

    The Amazon Resource Name (ARN) of the firewall.

    You must specify the ARN or the name, and you can specify both.

  • NextToken (string) – When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.

  • MaxResults (integer) – The maximum number of objects that you want Network Firewall to return for this request. If more objects are available, in the response, Network Firewall provides a NextToken value that you can use in a subsequent call to get the next batch of objects.

Return type:

dict

Returns:

Response Syntax

{
    'Status': 'string',
    'StartTime': datetime(2015, 1, 1),
    'EndTime': datetime(2015, 1, 1),
    'ReportTime': datetime(2015, 1, 1),
    'AnalysisType': 'TLS_SNI'|'HTTP_HOST',
    'NextToken': 'string',
    'AnalysisReportResults': [
        {
            'Protocol': 'string',
            'FirstAccessed': datetime(2015, 1, 1),
            'LastAccessed': datetime(2015, 1, 1),
            'Domain': 'string',
            'Hits': {
                'Count': 123
            },
            'UniqueSources': {
                'Count': 123
            }
        },
    ]
}

Response Structure

  • (dict) –

    • Status (string) –

      The status of the analysis report you specify. Statuses include RUNNING, COMPLETED, or FAILED.

    • StartTime (datetime) –

      The date and time within the last 30 days from which to start retrieving analysis data, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).

    • EndTime (datetime) –

      The date and time, up to the current date, from which to stop retrieving analysis data, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).

    • ReportTime (datetime) –

      The date and time the analysis report was run.

    • AnalysisType (string) –

      The type of traffic that will be used to generate a report.

    • NextToken (string) –

      When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.

    • AnalysisReportResults (list) –

      Retrieves the results of a traffic analysis report.

      • (dict) –

        The results of a COMPLETED analysis report generated with StartAnalysisReport.

        For an example of traffic analysis report results, see the response syntax of GetAnalysisReportResults.

        • Protocol (string) –

          The type of traffic captured by the analysis report.

        • FirstAccessed (datetime) –

          The date and time any domain was first accessed (within the last 30-day period).

        • LastAccessed (datetime) –

          The date and time any domain was last accessed (within the last 30-day period).

        • Domain (string) –

          The most frequently accessed domains.

        • Hits (dict) –

          The number of attempts made to access an observed domain.

          • Count (integer) –

            The number of attempts made to access a domain.

        • UniqueSources (dict) –

          The number of unique source IP addresses that connected to a domain.

          • Count (integer) –

            The number of unique source IP addresses that connected to a domain.
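An added example (not part of the boto3 documentation) showing how the Status check and NextToken paging described above fit together when pulling a report for egress review, then ranking domains that fall outside an allowlist by UniqueSources. StubClient, sample_row, SAMPLE_PAGES, the allowlist and the domain names are constructed for the example; with a real account, pass boto3.client('network-firewall') as the client.

```python
def fetch_report_rows(client, report_id, firewall_name=None, firewall_arn=None,
                      page_size=None):
    """Return every AnalysisReportResults entry, following NextToken."""
    if not (firewall_name or firewall_arn):
        raise ValueError("specify FirewallName, FirewallArn, or both")
    kwargs = {"AnalysisReportId": report_id, "FirewallName": firewall_name,
              "FirewallArn": firewall_arn, "MaxResults": page_size}
    kwargs = {k: v for k, v in kwargs.items() if v is not None}
    rows = []
    while True:
        page = client.get_analysis_report_results(**kwargs)
        # Results belong to a COMPLETED report; stop on RUNNING or FAILED.
        if page.get("Status") != "COMPLETED":
            raise RuntimeError(f"report {report_id} is {page.get('Status')}")
        rows.extend(page.get("AnalysisReportResults", []))
        if not page.get("NextToken"):
            return rows
        kwargs["NextToken"] = page["NextToken"]  # token from the prior response


def unexpected_domains(rows, allowed_suffixes):
    """Rows whose Domain is outside the allowlist, most unique sources first."""
    def allowed(domain):
        d = domain.lower().rstrip(".")
        # Match on a label boundary so "notexample.com" is not taken for "example.com".
        return any(d == s or d.endswith("." + s) for s in allowed_suffixes)
    flagged = [r for r in rows if not allowed(r["Domain"])]
    return sorted(flagged, key=lambda r: r["UniqueSources"]["Count"], reverse=True)


class StubClient:  # constructed offline stand-in for boto3.client("network-firewall")
    def __init__(self, pages):
        self.pages, self.calls = pages, []

    def get_analysis_report_results(self, **kwargs):
        self.calls.append(dict(kwargs))
        return self.pages[len(self.calls) - 1]


def sample_row(domain, hits, sources):  # constructed data, not real traffic
    return {"Protocol": "TLS", "Domain": domain,
            "Hits": {"Count": hits}, "UniqueSources": {"Count": sources}}

SAMPLE_PAGES = [
    {"Status": "COMPLETED", "NextToken": "t1", "AnalysisReportResults": [
        sample_row("api.example.com", 900, 12), sample_row("notexample.com", 40, 3)]},
    {"Status": "COMPLETED", "AnalysisReportResults": [
        sample_row("updates.example.net", 15, 7)]},
]
```
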

Exceptions